(54) Device authentication

(57) During device deployment in a network environment, authentication is achieved by the device 10 having a pre-configured security key which a service facility 20 uses to authenticate the device 10. These techniques enable a service facility 20 to associate pre-configured security keys to owners/users of devices, and enable devices to be purchased without any custom configuration, and enable devices to be attached to a network and automatically obtain authentication and configuration based on the identity of the owner of the devices.
Description

[0001] The present invention pertains to the field of device authentication. More particularly, this invention relates to device authentication using pre-configured security keys.

[0002] A wide variety of devices may be employed in a network communication environment. For example, measurement devices may be placed in locations where measurements are desired and a communication network may be used to report obtained measurements to an information recording facility. Similarly, actuator/control devices may be placed in desired locations and a communication network may be used to carry control information to/from the devices.

[0003] It is usually desirable in a network environment to provide mechanisms that enable authentication of devices with respect to their owners/users. For example, it is common for the owner/user of a measurement device to subscribe to a data logging service provided by an information recording facility. In such a system, it is desirable to provide the information recording facility with a capability to authenticate the fact that a measurement device is associated with a user/owner that subscribes to the services of the information recording facility.

[0004] In addition, it is usually desirable in a network environment to provide secure communication for devices. Secure communication may prevent, for example, unauthorized parties from obtaining data from a measurement device or prevent unauthorized parties from providing control information to actuator/control devices.

[0005] Prior techniques for enabling authentication and secure communication for devices in a network usually include human intervention. For example, it is common for a field installer to configure a measurement device with a security key at its installation site. The security key may then be used by an information recording facility to authenticate messages from the measurement device and decrypt data that is encrypted with the security key. Unfortunately, such techniques that involve human intervention usually increase the costs of device installation. Such costs are magnified in applications that involve large numbers of devices connected to an open network.

[0006] Techniques are disclosed that enable devices in a network environment to automatically obtain authentication without specialized human intervention during device deployment. A device according to the present techniques includes a pre-configured security key which a service facility uses to authenticate the device. Techniques are disclosed for enabling a service facility to associate pre-configured security keys to owners/users of devices, and for enabling devices to be purchased without any custom configuration, and for enabling devices to be attached to a network and automatically obtain authentication and configuration based on the identity of the owner of the devices.

[0007] Other features and advantages of the present invention will be apparent from the detailed description that follows.

[0008] The present invention is described with respect to particular exemplary embodiments thereof and reference is accordingly made to the drawings in which:

Figure 1 shows a system according to the present techniques;

Figure 2 shows a system according to the present techniques which includes a key authority that provides security keys and corresponding public identifiers;

Figure 3 shows a system according to the present techniques which employs public-private key encryption;

Figure 4 shows a method for authenticating a device according to the present techniques.

[0009] Figure 1 shows a system 100 according to the present techniques. The system 100 includes a service facility 20 and a device 10 which communicate via a network 300. A user/owner of the device 10 subscribes to services associated with the device 10 that are provided by the service facility 20. The service facility 20 includes a data log 24 for holding information associated with authenticated devices.

[0010] The device 10 includes a communication mechanism 17 that enables communication via the network 300 and that generates digital signatures, authentication messages, message encryption, etc., in accordance with the present teachings. The communication mechanism 17 may be implemented as a combination of hardware and code and provides the appropriate functions for communication on the network 300 using, for example, web protocols.

[0011] In one embodiment, the device 10 is a measurement device and the service facility provides a data logging service for the measurements generated by the device 10. Examples of measurement devices are numerous and include digital cameras, temperature sensors, pressure sensors, chemical sensors, motion sensors, electrical signal sensors, and other types of devices capable of rendering digital measurements. The service facility 20 may embody a server that communicates via the network 300 using HTTP protocols and the device 10 may include HTTP client or server capabilities.

[0012] The device 10 includes a persistent memory 12 that holds a pre-configured security key. The pre-configured security key may be programmed into the device 10 by a provider of the device 10. The provider of the device 10 may be a manufacturer or some other entity that ultimately provides the device 10 to a user/owner. The persistent memory 12 may be any type of persistent memory. Examples are numerous and include registers, read-only memory, non-volatile RAM, solid-state memory including magnetic memory, etc.

[0013] The persistent memory 12 also holds a public identifier for the device 10. One example of a public identifier is a manufacturer's serial number. Another example of a public identifier is a MAC address used in communication. In many embodiments, the fact that the pre-configured security key of the device 10 is programmed into the same pre-existing persistent memory which holds other information such as a public identifier for the device 10 means that providing the pre-configured security key does not add substantial costs or extra steps during manufacture of the device 10.

[0014] A user/owner deploys the device 10 by placing it in a desired location and connecting it to the network 300. The device 10 then automatically authenticates itself to the service facility 20 using the pre-configured security key in the persistent memory 12. This eliminates the need for install/service personnel to travel to the site of installation of the device 10 to configure security keys.

[0015] In one embodiment, the device 10 authenticates itself to the service facility 20 by generating an authentication message 16 using the pre-configured security key contained in the persistent memory 12. The service facility 20 obtains the authentication message 16 via the network 300 and uses it to verify the authenticity of the device 10. For example, the authentication message 16 may include a digital signature which is generated using the pre-configured security key and the public identifier from the persistent memory 12. The service facility 20 obtains the authentication message 16 and determines whether the device 10 is authentic by verifying the digital signature.

[0016] The service facility 20 includes a configuration store 22 that holds a set of entries, each entry associating a security key to a corresponding authentic device. For example, one entry in the configuration store 22 may include the value of the pre-configured security key and the value of its corresponding public identifier of the device 10. The service facility 20 receives the authentication message 16 via the network 300 and uses the clear text of the public identifier which is carried in the authentication message 16 to look up and obtain a security key from the configuration store 22. If a security key corresponding to the public identifier carried in the authentication message 16 is present in the configuration store 22 then the service facility 20 uses that security key to verify the digital signature of the authentication message 16.

[0017] For example, the device 10 may generate the digital signature for the authentication message 16 by computing a hash of the public identifier from the persistent memory 12 and then applying the pre-configured security key from the persistent memory 12 to that result. In response, the service facility 20 may authenticate the device 10 by applying the same hash function to the public identifier carried in the authentication message 16 and then use the corresponding security key obtained from the configuration store 22 to determine whether that hash result corresponds to the digital signature carried in the authentication message 16. In this example, the public identifier 14 is carried in clear text in the authentication message 16.
[0018] The pre-configured security key contained in the persistent memory 12 and the information in the configuration store 22 also enable secure communication between the device 10 and the service facility 20. For example, the device 10 may encrypt data using the pre-configured security key from the persistent memory 12 and transfer it to the service facility 20. In response, the service facility 20 uses a security key for the device 10 obtained from the configuration store 22 to decrypt the data from the device 10.

[0019] In some embodiments, the pre-configured security key in the persistent memory 12 is a private key. In other embodiments, the pre-configured security key in the persistent memory 12 may include a public key and a private key.

[0020] Figure 2 shows an embodiment of the system 100 which includes a key authority 40 that provides the service facility 20 with the information for its configuration store 22 of security keys and corresponding public identifiers. The key authority 40 may, for example, be the manufacturer of the device 10 or a service provider from which an owner/user obtains the device 10, to name a couple of examples.

[0021] A user/owner of the device 10 obtains the services of the service facility 20 by generating a user message 30 that includes a device public identifier for the device 10 and a provider identifier that identifies the key authority 40. In response to the user message 30, the service facility 20 obtains the security key for the device 10 from the key authority 40 using a secure channel of communication between the service facility 20 and the key authority 40. The obtained security key and corresponding public identifier are then recorded in the configuration store 22 for use when authenticating the device 10.

[0022] Figure 3 shows an embodiment of the system 100 which employs public-private key encryption. In this embodiment, the persistent memory 12 holds a pre-configured security key that includes a public key along with a private key. Once connected to the network 300, the device 10 generates an authentication message 56 that includes the public key from the persistent memory in clear text and that may include other information which is encoded using the private key from the persistent memory.

[0023] The service facility 20 obtains the authentication message 56 via the network 300 and uses the public key for the device 10 to verify the authenticity of the device 10. For example, the device 10 may digitally sign the authentication message 56 using the private key from the persistent memory 12 and the service facility 20 verifies the digital signature using the public key for the device 10 which may be carried in the authentication message 56.

[0024] Alternatively, the service facility 20 may obtain the public key for the device 10 from a key authority 50. The key authority 50 may issue a digital certificate to the service facility 20 that certifies the public key with respect to the device 10.

[0025] Figure 4 shows a method for authenticating the device 10 according to the present techniques. At step 100, a pre-configured security key is provided to the device 10. The pre-configured security key may be programmed into the device 10 by its manufacturer or a third party, for example a data logging service associated with the service facility 20 that resells the device 10. The pre-configured security key programmed into the device 10 at step 100 may be a private key or a public key/private key pair.

[0026] At step 102, an install key for the device 10 is created. The install key may be created, for example, by encrypting a public identifier of the device 10 with the private key from step 100. The install key may be created by the manufacturer of the device 10 or by a third party. The install key may be programmed into a persistent memory in the device 10. The install key may be affixed to the device 10 using, for example, a sticker. A sticker may include a bar code which enables reading of install keys for large numbers of devices.

[0027] At step 104, a user/owner of the device 10 creates a profile of the device 10 on the service facility 20. When creating the profile, the user/owner of the device 10 enters the install key for the device 10 into the profile on the service facility 20. For example, the user/owner may have selected the service facility 20 to be used as a data logging service for measurements obtained by the device 10. The user/owner may activate the data logging service by creating a profile on the service facility 20 for the device 10 and providing the install key as part of the profile. The profile may be stored, for example, in the configuration store 22.

[0028] The service facility 20 may extract the plain-text public identifier of the device 10 from the install key using the private key of the device 10 because the install key was created using that private key. The service facility 20 may obtain the private key of the device 10 from a key authority such as the manufacturer or provider of the device 10.

[0029] Alternatively, the service facility 20 may extract the plain-text public identifier of the device 10 from the install key using the public key of the device 10. The service facility 20 may obtain the public key of the device 10 from a key authority or from the device 10 itself at step 106.

[0030] At step 106, the service facility 20 obtains an authentication message from the device 10. This may occur when the device 10 performs its initial contact with the service facility 20. The authentication message includes the public identifier of the device 10 in plain-text format along with other information such as the install key of the device 10. In response, the service facility 20 locates the profile of the device 10 which was created by the user at step 104. In an embodiment which uses a public key, the service facility 20 may obtain the public key of the device 10 at this time from either the device 10 or a key authority.

[0031] At step 108, the service facility 20 authenticates the device 10 as belonging to the user/owner of step 104 by validating the install key carried in the authentication message from the device 10. For example, if the install key is encrypted then the service facility 20 may decrypt it and compare it to the install key contained in the profile created at step 104. A match indicates an authentic device with respect to the user/owner that created the profile of the device 10. The install key may be decrypted using the private key or the public key of the device 10 depending on the particular type of encryption system employed.

[0032] The service facility 20 may perform additional dialogs by exchanging messages with the device 10 to verify that the device 10 does contain the pre-configured security key provided at step 100. This prevents a party from obtaining the public identifier and the install key of the device 10 and trying to in effect impersonate the device 10 to the service facility 20.
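
An added sketch of the exchange in paragraphs [0015]-[0017] together with the follow-up dialog of [0032]; it is not code from the patent. HMAC-SHA256 stands in for "applying the pre-configured security key" to the hash, and the identifier SN-000123, the key bytes and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample entry for configuration store 22: public identifier -> key.
CONFIG_STORE = {"SN-000123": bytes.fromhex("00112233445566778899aabbccddeeff")}


def sign(key: bytes, public_id: str, nonce: bytes = b"") -> bytes:
    """Hash the public identifier, then apply the key (HMAC-SHA256 is an assumption)."""
    digest = hashlib.sha256(public_id.encode()).digest()
    return hmac.new(key, digest + nonce, hashlib.sha256).digest()


def make_auth_message(key: bytes, public_id: str, nonce: bytes = b"") -> dict:
    """Device side: clear-text identifier plus signature (authentication message 16)."""
    return {"public_id": public_id, "signature": sign(key, public_id, nonce)}


class ServiceFacility:
    def __init__(self, store: dict):
        self.store = store
        self.pending = {}  # public identifier -> outstanding single-use nonce

    def verify_static(self, msg: dict) -> bool:
        """[0016]-[0017]: look up the key by identifier, recompute, compare."""
        key = self.store.get(msg["public_id"])
        if key is None:
            return False  # no entry: not a known device
        expected = sign(key, msg["public_id"])
        return hmac.compare_digest(expected, msg["signature"])

    def challenge(self, public_id: str) -> bytes:
        """[0032]-style dialog: issue a fresh random nonce to the device."""
        self.pending[public_id] = secrets.token_bytes(16)
        return self.pending[public_id]

    def verify_response(self, msg: dict) -> bool:
        key = self.store.get(msg["public_id"])
        nonce = self.pending.pop(msg["public_id"], None)  # consumed on first use
        if key is None or nonce is None:
            return False
        expected = sign(key, msg["public_id"], nonce)
        return hmac.compare_digest(expected, msg["signature"])


def demo() -> dict:
    key, dev = CONFIG_STORE["SN-000123"], "SN-000123"
    facility = ServiceFacility(CONFIG_STORE)
    static_msg = make_auth_message(key, dev)
    out = {"static_ok": facility.verify_static(static_msg)}
    # The static message never changes, so a recorded copy verifies again.
    out["static_copy_ok"] = facility.verify_static(dict(static_msg))
    fresh = make_auth_message(key, dev, facility.challenge(dev))
    out["fresh_ok"] = facility.verify_response(fresh)
    facility.challenge(dev)  # new session, new nonce
    out["old_response_ok"] = facility.verify_response(fresh)
    out["unknown_id_ok"] = facility.verify_static(make_auth_message(key, "SN-999999"))
    return out


if __name__ == "__main__":
    print(demo())
```

The static message verifies every time it is presented, which is the gap [0032] closes: a response bound to a fresh nonce is accepted once and rejected when presented again.
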
[0033] In some embodiments, a device may optionally have an internal GPS receiver for assisting with a custom configuration based on location.

[0034] In some embodiments, the service facility 20 validates the public key obtained from the device 10 by requiring the device 10 to present a certificate signed by a trusted certificate authority.

[0035] The present techniques enable the deployment of a very large number of devices which use the services of a web server connected to the open Internet. The devices once deployed automatically generate data and obtain configuration with little or no intervention by the user/owners.

[0036] The present techniques enable devices to be purchased without any custom configuration requiring trained installation personnel. The devices may be attached to a network to automatically obtain authentication and configuration based on the identity of the owner of the devices. Consider an example in which user A and user B both have accounts on the service facility 20. The service facility 20 may distinguish between the devices of user A and the devices of user B by looking up the install keys of the devices. The service facility 20 may redirect a device attempting to initiate contact to another service facility. Alternatively, the service facility 20 may act as an agent for user A and user B and provide configuration and data storage directly.
[0037] The present techniques enable all communications to and from a device to be encrypted and authenticated, including installation and configuration. The present techniques enable a service facility to authenticate a device and avoid installation "spoofing." Ownership, and therefore control, of measurement devices may be determined automatically using the present techniques. The present techniques enable an automatic installation of a device given only its install key and enable an association with a user/owner of the device at a later time.

[0038] The foregoing detailed description of the present invention is provided for the purposes of illustration and is not intended to be exhaustive or to limit the invention to the precise embodiment disclosed. Accordingly, the scope of the present invention is defined by the appended claims.



Claims 

1. A system, comprising:

device (10) having a pre-configured security key;

service facility (20) that authenticates the device (10) using the pre-configured security key.

2. The system of claim 1, wherein the device (10) includes a persistent memory (12) for holding the pre-configured security key.

3. The system of claim 1, wherein the service facility (20) authenticates the device (10) by verifying a digital signature of a message generated by the device (10) using the pre-configured security key.

4. The system of claim 1, wherein the device (10) includes an install key which is generated using the pre-configured security key.

5. The system of claim 4, wherein the service facility (20) authenticates the device (10) by validating the install key carried in an authentication message from the device (10).

6. A device, comprising:

persistent memory (12) for holding a pre-configured security key;

mechanism (17) that enables authentication of the device using the pre-configured security key.

7. The device of claim 6, wherein the mechanism (17) generates an authentication message with a digital signature using the pre-configured security key such that the device is authenticated by verifying the digital signature.

8. The device of claim 6, wherein the persistent memory (12) is also for holding an install key which is generated using the pre-configured security key.

9. The device of claim 8, wherein the mechanism (17) generates an authentication message that carries the install key such that the device is authenticated by validating the install key.

10. The device of claim 6, wherein the pre-configured security key is used in secure communication with the device.